Atlas
- A brief description of what you are looking to do
- How you think this will help
- Why this matters to you
74 results found
-
Support OIDC as Authentication Protocol for access to Mongo Portal
Currently SAML is supported: https://www.mongodb.com/docs/atlas/security/federated-authentication/#configure-federated-authentication
It would be preferable if OIDC was supported.
1 vote -
Atlas access management similar to Azure AD Privileged Identity Management (PMI)
Hello, we are looking for functionality that allows users to auto-promote or adjust their privileges based on the access needed.
For example: if user XYZ needs access to DB:123 he can elevate access himself to this db.
This would be similar to Azure Active Directory (Azure AD) Privileged Identity Management (PIM). A service offered by Microsoft as part of its Azure cloud platform. It helps organizations manage, control, and monitor access within their Azure AD environment, particularly for privileged accounts. These accounts have elevated permissions that can perform critical tasks, such as managing resources, configuring settings, or accessing sensitive data.
…
1 vote -
Hello, your login captcha is a real pain ********** !!!!!
Hello, your login captcha is a real pain ********** !!!!!
1 vote -
Atlas Role
The idea would be to have more advanced options when configuring access management to different projects/clusters.
A lot of companies would benefit greatly from seeing a segregation of roles and access to different features on a project.
It would be beneficial to have more read roles - focus on the metadata layer, but it would be also nice to have it on the DB level e;g. Onboarding a local entity - DBAs want to see only dedicated DB information - should be then between their responsibility.
The idea is to have differentiation between metadata and data, It can be particularly…
1 vote -
Include IdP Group and Atlas Role mapped in the ROLE_MAPPING_CREATED event
When an Atlas Role is mapped to an IdP group in the Federation Management Console, an event is created with the eventTypeName "ROLEMAPPINGCREATED" and the description "A Role Mapping was Created". The event returns in both the Atlas Admin API events endpoint and the Organization Alerts. It would be beneficial for auditing to include the IdP group and Atlas Role in the event.
2 votes -
Associate domains to an IDP at Organization level rather than for entire mongodb.com
At this time domain to IDP associations apply to entire mongodb.com. This makes it very difficult for large companies that have several independent departments to use mongodb.com. Some departments might want to create separate Atlas organizations and others simply access Support section of mongodb.com web-site. They wouldn't want to share an IDP created within one Atlas organization.
One possible approach to addressing this issue is for an Atlas organization to have a distinct sub-domain on mongodb.com (e.g. bigco-org-a.mongodb.com). Another approach would be to have a field for Atlas Organization name on logon page.
2 votes -
Parent - Child account set up
I have a client that has multiple BUs and would like to organize them under a Parent account. From my understanding, Atlas does not currently support a Parent-child account set up. This would be beneficial to have as we continue to onboard our enterprise clients and we get more use cases.
1 vote -
org owner permissions won't revoke due to role mapping
When choosing to use idp role mapping, if a user is not part of a group, his permissions are revoked, including locking him out of crucial administration options.
Users with the org owner permissions should be handled as super users and be excluded from any role mapping in order to refrain from having their permissions change
1 vote -
U domain Verification
If you are able to verify the parent domain for your company, then you shouldn't need to have to verify the sub-domains associated with that domain. Company's do not generally advertise their internal u-domains on the internet therefore any verification on that sub-domain will naturally fail. This is hindering us from integrating our Okta credentials with our login information.
2 votes -
Backup for project user
Hello,
it would be good if we could better granulate which users have access to cloud backups.
Currently only a project user with Project Owner rights can perform backups, restores etc. It would be really cool if some users, such as developers, could be given the right to work with the backup, and at the same time not have to have the Project Owner right, as it is not wanted to be able to add users, create and delete clusters etc...
9 votes -
Option to Enforce Certain MFA Methods
Allow certain MFA methods to be disabled for our Organization.
e.g. we don't trust SMS or Email so want to force our users to only use Google Auth / Security Key/Biomeytric or Okta.3 votes -
Share API key cross organizations
Today, it's not possible to share an API key between different organizations (https://www.mongodb.com/community/forums/t/sharing-api-key-between-different-organizations/190785/13)
It makes it impossible to restore snapshots from one organization to another automatically.It's very important for us, as we need this feature to clone our customers clusters into our organization
16 votes -
Ability to enable LDAP and IAM auth at the same time
We would like the ability to have LDAP and IAM auth enabled on the same cluster at the same time. Today, you can only have one enabled, not both. Our goal is to use IAM auth for programatic access and LDAP auth for human access.
Please let us know when this gets prioritized.
8 votes -
Atlas feature request
While adding access for teams to a project in Mongo UI, there should be an option to limit access to a particular cluster.
For example: If there are 3 clusters in a project, then team 1 should have access only to cluster1 and team2 to cluster 2 and so on.1 vote -
trigger manage role
expanding Trigger management role beyond the Project Owner role
2 votes -
Atlas User permissions/role by Cluster
It would be very helpful to restrict/allow access to clusters within an Atlas project, by Atlas user. This can be achieved with database users, but Atlas users have all or nothing access to the clusters within a project.
5 votes -
Warn when attempting to add a new IP address to network access that is already covered by an existing entry
Currently, if one tries to add a new IP address to the list of whitelisted IPs for a database in the 'Network Access' page, and the new IP is a duplicate of an existing entry, there is no warning or indication given to the user, and the list of IPs remains unchanged.
This makes it seem like the button to add a new IP doesn't work, as the list of IPs doesn't change.
So there should be some indication that the user attempted to add a duplicate IP, and because of that, the list of allowed IPs was not changed.
1 vote -
Separate access control for read-only replicas
There is a multi-replica cluster and there are read replicas. I consider it necessary to add the ability to restrict access separately for a read-only replica. Thus, limit the connection not only to the entire cluster at the project level, but also to specific replicas (for example, limiting access to read replicas).
I think that this is a standard business problem, the solution of which is simply necessary to exist in a product like yours.3 votes -
Recreate Account | Sign Up | MongoDB Atlas
There are many new web developer come on MongoDB Atlas. There create there account and start working but don't know any thing about MongoDB. Something goes wrong on there setup and decided to recreate there account and follow all the instructions. But after deleting there account they see that they can't use there old email address.
Because of this situations that I faced. I don't want these to be faced by someone else so I recommend MongoDB Atlas to remove this security policy. Guys, Do you support me?1 vote -
Allow access from anywhere button to be a separate UI permission
"allow access from anywhere" button should be a separate privilege. This would allow the ability to add it to a role. The goal is to allow developers to log into the control plane, use the UI to add 1 single IP(theirs)...but not open up IPs to all(0.0.0.0/0).
3 votes
- Don't see your idea?